Linux optimize

Set up a free and secure Terminal Server with Linux

Jack Wallen suggests ditching the Windows Terminal Server and migrating to using a Linux box. Learn how to set up and use NX Free, a tool that can help with this task.

I have worked with a lot of clients who require Terminal Server. Many of these clients use the Terminal Server as a way to centralize application and file hosting. Many of them wind up paying a lot of money for Windows Terminal Server (and the necessary licensing) to see their users only firing up email, office suites, and maybe on occasion a specialized piece of software or financial software. A quick way to save your company cash is to ditch the Windows Terminal Server and migrate to using a Linux box.

On some levels, this is an incredibly easy task. Linux is already a multi-user operating system that allows for more than one user to be logged in at a time, so any user who has an account on a machine can have access to that machine. Although most modern Linux desktops make it a breeze to share out a desktop, that's not the route we want to take -- what we want is a system that will allow any user on a system to log in remotely and securely. If you've done any admin work with Linux, you know you can tunnel X11 (graphical applications) through secure shell. This is a secure method, but not a method you can take advantage of for everyday users. Fortunately, there's a free tool by NoMachine called NX Free that can connect to a complete remote desktop session through ssh (secure shell).

Note: The free version of the application used here for the vnc server has a limitation of only two users. If you have a need for more than two users, you can purchase the premium edition of the software or look to other options such as TightVNC, xrdp, or vncserver. Although these servers aren't as easy to set up as NXFree, you will enjoy unlimited users at no cost.

Software and users

Before we get into the setup and usage of NX Free, let's discuss the server's setup. The first thing you should know is remote users will be able to use any user-level software on the machine. So, if there is software you don't want remote users to access (such as games), remove it. Since we are dealing with a different platform, there might be software that doesn't run natively. For those applications, I recommend running them with the help of Wine. The software capable of running under this tool is fairly significant.

Although ssh is a very secure protocol, when dealing with multiple users logging on and with the possibility of critical or sensitive data involved, you will want an added layer of security on the remote connections. I recommend installing Fail2ban; this will block IP addresses that show signs of malicious activity (such as too many unsuccessful login attempts or exploits).

You should make sure that every user who needs to get onto the machine has an account, a home directory, and a strong password. Setting up the user accounts is simple -- and is also where I veer away from the traditional school of thought with UNIX/Linux terminal servers. I recommend setting up your Terminal Server with a graphical front end because every aspect of the Terminal Server will be much easier to maintain. You will have all the GUI tools you need to set up users, software, security, printing, etc.

Installing NX Free Server and Client

Download the NX Free server for Linux that matches your package management system (.rpm or .deb), and then install it with the following command (I will demonstrate on a Ubuntu machine -- the installation on an .rpm-based machine will be different):

sudo dpkg -i nxserver_XXX_ZZZ.deb

XXX is the release number, and ZZZ is the architecture (i386 or x64).

If you're installing on an .rpm-based machine, the command (to be run as the root user) is:

rpm -ivh nxserver_XXX_ZZZ.rpm

XXX is the release number, and ZZZ is the architecture (i386 or x64).

Once installed, the server will be up and running and ready for connections. All that is left is to install the client and connect.

Let's connect to the new Linux Terminal Server from a Windows 7 machine. To do this, you must install the NX Client for Windows. After the client is installed, you can start it up by going to Start | All Programs | NX Client For Windows | NX Connection Wizard. When this tool starts up, you are ready to set up the connection.

Setting up the connection

This step should be done on all client machines that need to connect to the Terminal Server. When you fire up the Connection Wizard, you will be able to define the options necessary to connect to the server. I will assume you have the server set up on a static IP address.

The first screen of the wizard is the welcome screen. Click Next to move to the first interactive screen (Figure A). Figure A

You can select the speed of your connection by dragging the slider to the associated type.

In the first screen, enter a human readable name for the Session and the address of the Terminal Server in the host. Leave the port set at the default and click Next.

The next screen allows you to specify the desktop settings (Figure B). From here, you can select:
  • Platform type: You'll want to select Unix
  • Desktop type: KDE, GNOME, CDE, XDM, or Custom
  • Size of the desktop: This will depend upon your screen size
Figure B

You can disable encryption, but that would defeat the security of the system.
If you select Custom for the desktop type, you will need to configure the following (Figure C):
  • Application: Console, Default X script, or custom script
  • Options: Floating window or new virtual desktop
Figure C

Some configurations will not allow you to customize the size of the remote desktop.

Click the Next button to continue to the final screen.

The last step asks if you want a desktop icon for the connection and if you want to set up the advanced configuration dialog. The advanced configuration allows you to set up the following:

  • Network options (such as proxy)
  • System settings (such as grabbing the keyboard when client has focus)
  • Printing (enable local printing)
  • Environment (such as the mapping the local directory and font server)
You will be presented with the login window (Figure D). Enter a user's credentials and once authentication has succeeded you will presented with the Terminal Server window. The user can now perform their duties as if they were logged on directly to the remote machine. Figure D

You can have multiple sessions set up and then select which one you want to connect to (allowing you to use one NX Client for multiple connections).

Bottom line

This Terminal Server might not offer you everything you need (if you need QuickBooks, you better look the other way), but it is a solution that can work in many situations. Give this a try before you spend money on Microsoft Terminal Server and the necessary CALS.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

14 comments
man-walking
man-walking

AFAIK the most advanced and maintained project in open souce (Linux) world ATM for terminal server is X2GO, other previous ones line FreeNX, NeatX, etc... were incomplete with various bugs and now seems abandoned. I have tried X2GO many months ago and works very well, compresses data (JPG or others methods), does use SSH, works with various DE, streams audio, give you option to use local printer... Also, don't confuse VNC remote stuff with terminal/server remote access, since VNC is bare master administration session, the TS client method instead is the real one that is USER based. (you can't login as an user with VNC) Also, VNC is history and bitmap based...

APSDave
APSDave

Here is a link to the Linux Terminal Server Project http://www.ltsp.org/ I like this one because it can be used on diskless or network bootable computers. Again, this is a Linux session you get and not a Windows session

jlwallen
jlwallen

I only used FreeNX as an example for its ease of use. There are other, free (and unlimited) solutions -- such at tightvnc, xrdp, vncserver, and plenty more. I appologize that FreeNX was limited and failed to mention that. I have used tightvnc for the same type of setup and have had a lot of luck. The only difference is it won't be using ssh for security. Again, that was an oversight on my part. Jack

dbl
dbl

The issue is to terminal into a Windows server machine. Not to change the culture from Windows to Linux. Not sure how this is going to help a Windows shop that depends on Widnwos apps, unless I'm missing something very obvious to everyone else.

swade
swade

Save yourself some trouble and install SSHD before getting started (if you don't have it installed already, like I did). My install for the server should have been: SSHD NX Client NX Node NX Server

swade
swade

According to the website, you need to install more than just the server: Note: Installation of NX Server for Linux requires the download and installation of three packages: client, node and server. The client is needed because it ships libraries used by the node. The node is needed because it ships tools needed by the server. Furthermore, the SSH server daemon (SSHD) needs to be up and running on each of the NX Node machines since NX relies on the mechanism provided by the SSH subsystem for handling user authentication.

engine411
engine411

Too bad you need to install software on a Windows workstation. This would be much better if I could fire up the built-in RDP client on my workstation to connect to the Linux terminal server...

jkameleon
jkameleon

Open source X window server for Windows. IMHE it works flawlessly for individual apps. In principle, you could also run entire Linux desktop in a Windows window. Start XMing with "-screen 0 1024 768" command line option, and then run "startx", "plasma-desktop" "xfce4-session", or something similar through PuTTY. It should work with a bit of tweaking. Personally, I use only YaST, thunar/dolphin, and xfce4-tasmanager/ksysguard, and I don't have any need for entire desktop.

grassiap
grassiap

is a free version of the commercial product. As such it comes wth a limitation: 2 users. period. Not 2 at one, 2 registered users. Clones exist: freenx and neatx that do not have this limitation, but have some feature limitation like not supporting sound of sharing the local drive with the remote machine.

eCubeH
eCubeH

Jack - Always enjoy your articles, always get some new insights into tools, apps and services. Would love to see a good article on LTSP. I see a post of yours from June2011, you sounded frustrated on LTSP and I agree with the ease of use thing. I too tried a couple of years back and then gave up because I was pressed for time and the documentation seemed not so great. But it has incredible potential for cost-effective access in places where cost matters, and I plan to give it a shot again soon. I see they have new and improved documentation too. Edited: Just saw your Oct 2011 article - I would still enjoy a complete article on LTSP http://www.techrepublic.com/blog/doityourself-it-guy/diy-four-terminal-server-alternatives/92

daboochmeister
daboochmeister

You can def do that, but in my experience, you're going to get significantly better responsiveness and lower bandwidth usage with NX desktop. I haven't delved into the details of the protocol, but they're clearly doing something more efficient than standard remoting of X (or than remote frame buffer solutions, like VNC, for that matter).

swade
swade

The Free product in the article is presented as something that could be used for clients but only 2 concurrent users. Either I feel shammed into wasting time on a product that would only suit clients with 2 users, or TR did a pretty poor job in presenting the solution as a DEMO. 2 users is a demo. Honestly, I'm getting close to walking away from TR at this point since it seems much more a place for vendors to come and shill products to a captive audience than the trusted, tech-supporting org it once was. I can't tell you how many times I have installed something blindly because it was on TR. After one piece of adware too many, those days are over.

eCubeH
eCubeH

A Terminal Server would be designed to serve terminals right? Like more than a couple simultaneous connects? So with a limitation of 2, its more like a demo version post which you decide whether you want the real product or not - and pay for it, of course. Quite a disappointment - unless I am missing something.